Access Manager Configuration Information

The Java ES installer supports the installation of these subcomponents of Access Manager:

Identity Management and Policy Services Core

Access Manager Administration Console

Common Domain Services for Federation Management

Access Manager SDK

Note –

Access Manager SDK is automatically installed as part of Identity Management
and Policy Services Core, but the SDK can also be installed separately on a remote
host. For information about separate installation of Access Manager SDK, refer
to Access Manager SDK Configuration Information.

The installer needs different information depending on which subcomponents you
are installing, as the following table indicates. The table also refers you to the
tables where the relevant information is described.

Access Manager: Administration Information

The installer needs the following information if you are installing Access Manager Administration
Console.

Table 1–3 Administration Information for Access Manager

Label and State File Parameter

Description

Administrator User ID

IS_ADMIN_USER_ID

Access Manager top-level administrator. This user has unlimited access to
all entries managed by Access Manager.

The default name, amadmin, cannot be changed. This ensures
that the Access Manager administrator role and its privileges are created and mapped
properly in Directory Server, allowing you to log onto Access Manager immediately
after installation.

Administrator Password

IS_ADMINPASSWD

Password of the amadmin user. The value must have at least
eight characters.

The default value is the Administrator Password (CMN_ADMIN_PASSWORD) you provided under Common Server Settings. Refer to Common Server Settings.

LDAP User ID

IS_LDAP_USER

Bind DN user for LDAP, Membership, and Policy services. This user has read and
search access to all Directory Server entries.

The default user name, amldapuser, cannot be changed.

LDAP Password

IS_LDAPUSERPASSWD

Password of the amldapuser user. This password must be different
from the password of the amadmin user. It can be any valid Directory
Service password.

Password Encryption Key

AM_ENC_PWD

A string that Access Manager uses to encrypt user passwords.

Note: For security purposes, it is recommended that the password encryption
key be 12 characters or longer.

The interactive installer generates a default password encryption key. You can
accept the default value or specify any key produced by a J2EE random number generator.
During Access Manager installation, its property file is updated and the property am.encryption.pwd is set to this value. The property file is AMConfig.properties. Its location is:

Solaris OS: /etc/opt/SUNWam/config

Linux: /etc/opt/sun/identity/config

All Access Manager subcomponents must use the same encryption key that the
Identity Management and Policy Services Core uses. If you are distributing Access Manager subcomponents
across hosts and installing Administration Console or Common Domain Services for Federation
Management, copy the value for am.encryption.pwd as generated by
the installation of the core, and paste the value into this field.

In a state file, the default is LOCK. Any character combination
is permitted.

Install type

AM_REALM

Indicates the level of interoperability with other components. Choice of Realm
mode (version 7.x style) or Legacy mode (version 6.x style). You must use Legacy mode
if you are installing Access Manager with Portal Server, Messaging Server, Calendar Server, Delegated Administrator,
or Instant Messaging.

Installing Access Manager Core and Console

This section describes the services information that the installer needs when
you are installing the Identity Management and Policy Services Core and the Access Manager Administration
Console subcomponents.

In this scenario, you can deploy a new console or use a previously deployed
console. If you deploy a new console, some information in Installing Access Manager Core and Console is not needed, as the Description
column indicates.

URI prefix for accessing the common domain services on the web container.

The default value is amcommon. Do not enter a leading slash.

Cookie Domain

COOKIE_DOMAIN_LIST

The names of the trusted DNS domains that Access Manager returns to a browser
when Access Manager grants a session ID to a user.

You can scope this value to a single top-level domain, such as example.com. The session ID will provide authentication for all subdomains of example.com.

Alternatively, you can scope the value to a comma-separated list of subdomains,
such as .corp.example.com,.sales.example.com. The session ID will
provide authentication for all subdomains in the list.

A leading dot (.) is required for each domain in the list.

The default value is the current domain, prefixed by a dot (.).

Administration Console:

Deploy new console and

Use existing console

USE_DSAME_SERVICES_WEB_CONTAINER

Choose Deploy new console to deploy the console into the web container of the
host on which Access Manager is being installed. Choose Use existing console to
use an existing console that is deployed on another host.

In both cases, you specify the Console Deployment URI and Password Deployment
URI. If you choose to use an existing console, you must also specify the Console Host
Name and Console Port.

In a state file, specify true to deploy a new console or false to use an existing console.

URI that determines the mapping that the web container running Access Manager will
use between a string you specify and a corresponding deployed application.

The default value is ampassword. Do not enter a leading slash.

Console Host Name

CONSOLE_HOST

Fully qualified domain name for the server hosting the existing console.

This value is not needed if you are deploying a new console. In graphical installation
mode, you can edit the field only if you are using an existing console.

The default value contains the value that you provided for Host (IS_SERVER_HOST), a dot, and then the value that you provided for DNS Name in the Common
Server Settings. Refer to Common Server Settings.

As an example, if the host is siroe and the domain is example.com, the default value is siroe.example.com.

Console Port

CONSOLE_PORT

Port on which the existing console listens for connections. Permitted values
are any valid and unused port number, in the range 0 (zero) through 65535.

This value is not needed if you are deploying a new console. In graphical installation
mode, you can edit the field only if you are using an existing console.

The default value is the value you provided for one of the following web container
ports:

URI prefix for accessing the common domain services on the web container.

The default value is amcommon. Do not enter a leading slash.
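
The following check is an added example, not part of the original documentation or of the installer. It lints a state file against the rules stated above for IS_ADMINPASSWD, IS_LDAPUSERPASSWD, AM_ENC_PWD, COOKIE_DOMAIN_LIST and the existing-console parameters. The KEY=VALUE parsing, the function names, and treating the state-file default LOCK as a finding are assumptions of this example.

```python
# Added example: lint a Java ES state file against the Access Manager rules
# on this page. The KEY=VALUE parsing and the sample values are assumptions.

def parse_state(text):
    """Return {parameter: value}; lines without '=' and '#' comments are skipped."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            params[key.strip()] = value.strip()
    return params

def lint_state(params):
    """Return a list of (parameter, problem) findings."""
    findings = []
    admin = params.get("IS_ADMINPASSWD", "")
    ldap = params.get("IS_LDAPUSERPASSWD", "")
    if len(admin) < 8:
        findings.append(("IS_ADMINPASSWD", "shorter than 8 characters"))
    if ldap and ldap == admin:
        findings.append(("IS_LDAPUSERPASSWD", "same as amadmin password"))
    key = params.get("AM_ENC_PWD", "")
    if key == "LOCK":  # documented state-file default; flagged by this example
        findings.append(("AM_ENC_PWD", "left at state-file default LOCK"))
    elif len(key) < 12:
        findings.append(("AM_ENC_PWD", "shorter than 12 characters"))
    raw = params.get("COOKIE_DOMAIN_LIST", "")
    domains = [d.strip() for d in raw.split(",") if d.strip()]
    if len(domains) > 1:  # every entry of a list needs a leading dot
        findings += [("COOKIE_DOMAIN_LIST", f"{d} lacks leading dot")
                     for d in domains if not d.startswith(".")]
    if params.get("USE_DSAME_SERVICES_WEB_CONTAINER") == "false":
        if not params.get("CONSOLE_HOST"):
            findings.append(("CONSOLE_HOST", "required for existing console"))
        port = params.get("CONSOLE_PORT", "")
        if not (port.isdecimal() and 0 <= int(port) <= 65535):
            findings.append(("CONSOLE_PORT", "not in range 0-65535"))
    return findings

# Constructed sample state file (not from a real installation).
SAMPLE = """\
IS_ADMINPASSWD=Adm1nPass
IS_LDAPUSERPASSWD=Adm1nPass
AM_ENC_PWD=LOCK
COOKIE_DOMAIN_LIST=.corp.example.com,sales.example.com
USE_DSAME_SERVICES_WEB_CONTAINER=false
CONSOLE_HOST=siroe.example.com
CONSOLE_PORT=70000
"""
if __name__ == "__main__":
    print(*lint_state(parse_state(SAMPLE)), sep="\n")
```
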

Access Manager: Directory Server Information

The installer needs the following information if you are installing Identity
Management and Policy Services Core.

Table 1–10 Directory Server Information for Access Manager

Label and State File Parameter

Description

Directory Server Host

IS_DS_HOSTNAME

A host name or value that resolves to the host on which Directory Server resides.

The default value is the fully qualified domain name of the local host. For
example, if the local host is siroe.example.com, the default value
is siroe.example.com.

Directory Server Port

IS_DS_PORT

Port on which Directory Server listens for client connections.

The default value is 389.

Access Manager Directory Root Suffix

IS_ROOT_SUFFIX

Distinguished name (DN) to set as the Access Manager root suffix.

The default value is based on the fully qualified domain name for this host,
minus the host name. For example, if this host is siroe.subdomain.example.com, the value is dc=subdomain,dc=example,dc=com.

Directory Manager DN

IS_DIRMGRDN

DN of the user who has unrestricted access to Directory Server.

The default value is cn=Directory Manager.

Directory Manager Password

IS_DIRMGRPASSWD

Password for the directory manager.

Access Manager: Provisioned Directory Information

The information needed to configure a provisioned directory depends on whether
the installer detects an existing provisioned directory on your host.

When the installer is generating a state file, IS_EXISTING_DIT_SCHEMA=y is written to the state file if the installer finds an existing provisioned
directory. The installer writes IS_EXISTING_DIT_SCHEMA=n to the
state file if the installer does not find an existing provisioned
directory.

Existing Provisioned Directory Found

If the installer finds an existing provisioned directory, you provide the following
information.

No Existing Provisioned Directory Found

If the installer does not find an existing provisioned directory, you can choose
whether to use an existing provisioned directory. If you answer Yes to the first question
in this table, you must answer the remaining questions in the table.